That's Not A New Hit Song You Just Downloaded -- It's Japan's Nuclear Secrets

from the who-hired-that-guy? dept

While IT managers may not see the importance of security software for themselves, you would think they would be a little more careful with things like interns and contractors. Not so, apparently. Over in Japan, a lot of people are not happy after discovering that a lot of classified technical data on nuclear power plants was leaked onto the internet by a contractor using a computer with a file sharing app that was apparently left open to sharing everything on the machine. First off, what kind of nuclear plant contractor is putting a file sharing app on his work laptop? Also, the article notes that the laptop was infested with viruses, but later seems to blame the file sharing app rather than the viruses -- so it's not entirely clear what the viruses have to do with this story. Update: Another article on this story notes that it was the virus that made the material available via the file sharing app. It also notes that the guy was using his personal computer -- and somehow this was allowed. It also details the information leaked, including inspection data, photographs and names of inspectors, as well as where they stayed when they did the inspections. No matter what, you have to wonder why the guy was allowed to use his personal computer or to use any computer for this data that hadn't been checked first for viruses or other vulnerabilities.

Abstract Threats

In the end, does it matter? If anything, security leaks like these make it easier for the media to find incompentencies in the nuclear program, to prevent future disasters such as those at Tokai-Mura. It's unlikely that terrorists such as North Koreans could do anything, since they don't even know how to build their own nuclear power plants, and getting around all the redundant safety mechanisms to cause a meltdown is hard.

How many hundreds of times have we heard since 9/11 about "imminent terrorist attacks"? How many of them happened?

Re: Abstract Threats

As we all know, security is not a product, but it's a process instead. Using or not using any application on the laptop is only one of the basis for security in such a secret area. But I think the most important security breach here has been lack of information classification and access control. By classification of important information in the company, you will made a barrier against all types of information stealling (By viruses, worms, malwares or even personnel)

hmm, lets see. Mister Toji stays in this hotel every 3 months for a week while doing an inspection. He always stays in room 312. I think I'll take room 311 during the same time so I can kidnap him, to find out how to cause a nuclear meltdown. hmm.

Since I have his name and photograph, maybe I'll just abduct his wife or children and blackmail him into stealing some nuclear material for that bomb I was gonna build. hmm.

Oh yeah, this info really lets the media know whats going on in a secret area. Wake up and smell the plutonium!